EthSecurity – Telegram
The Berachain validators have coordinated to purposefully halt the Berachain network as the core team performs an emergency hard fork to address Balancer V2-related exploits on the BEX.
All Balancer-forked protocols infected.

Balancer exploitation was so sophisticated.
@EthSecurity1
🙉10😨1
A letter from the Sonic community to the Balancer hacker:
We know you are selling $stS to $S, but there is no way out from the Sonic chain.

You won't be swapping for USDC (it will get frozen instantly); USDT liquidity is too thin, along with S/ETH & S/BTC (non-existent).

So bridging is just not possible, unless you are willing to take a 60 to 70% haircut by swapping $3.6M S to ETH or BTC.

And guess what!
SonicLabs has wiped out all $S / wS holdings of the hacker.

The Sonic Foundation could freeze the coins of certain wallets.
@EthSecurity1
😁13🤔2
Here are three reports that are close to what happened to Balancer V2:

Certora: Balancer Exploit Explained: What Went Wrong and Why v3 Is Safe - link

Coinspect Security: Balancer V2 Stable Pools Exploit — Rate Manipulation - link

Blocksec: Balancer V2 Report - link

@EthSecurity1
🔥9👍1
EthSecurity
A letter from sonic community to balancer hacker : We know you are selling $stS to $S, but there is no way out from Sonic chain. You won't be swapping for USDC (will get frozen instantly), USDT is liquidity is too thin along with S/ETH & S/BTC (non -existent)…
Seems the Balancer hacker's stS wallet was initially frozen; they bypassed the prohibition and swapped to wBTC, ETH.

Permit transaction: 0xe3eab35b288c086afa9b86a97ab93c7bb61d21b1951a156d2a8f6f5d5715c475

@EthSecurity1
😁12👏3🤯1
It seems ImpermaxFinance is HACKED for ~110 ETH

@EthSecurity1
😢4👍2🤔1
Balancer announced that it successfully executed a rescue of ~$4.1M following a new exploit path. Detailed information has not yet been disclosed.
@EthSecurity1
🙉7😁1
Bad opsec: Collection of links on bad opsec

https://github.com/jermanuts/bad-opsec

@EthSecurity1
🔥121
The Crypto OpSec Bible - link

The cryptography behind passkeys - link

Understanding and Characterizing Obfuscated Funds Transfers in Ethereum Smart Contracts - link

@EthSecurity1
🔥6
The TEE security handbook is live now.

This document covers:
+ Defining TEEs
+ TEE attacks categorisation
+ Deep dive of TEE platforms
+ Threat modelling around TEEs
+ Security layers for TEE protocols
+ Best practices for engineers & protocols

https://docs.bluethroatlabs.com

@EthSecurity1
🔥93
How Aztec works - link

Math bugs drain millions from DeFi protocols - link

Hackers found a new way to phish — through browser notifications.
A new tool called Matrix Push C2 lets attackers send fake alerts that look like real ones from PayPal, Netflix, or TikTok. - link
@EthSecurity1
🔥6
nexa_network's cross-chain token solution CATERC20 is vulnerable: when switching owner, it returns zero. The hacker used it to exploit the port3 network. Loss ~$160K.
@EthSecurity1
👍62
Full list of packages that were affected by the latest npm attack:
ens packages
ethereum-ens
crypto-addr-codec
uniswap-router-sdk
valuedex-sdk
coinmarketcap-api
luno-api
soneium-acs
evm-checkcode-cli
gate-evm-check-code2
gate-evm-tools-test
create-hardhat3-app
test-hardhat-app
test-foundry-app
@accordproject/concerto-analysis
@accordproject/concerto-linter
@accordproject/concerto-linter-default-ruleset
@accordproject/concerto-metamodel
@accordproject/markdown-it-cicero
@accordproject/template-engine
@ifelsedeveloper/protocol-contracts-svm-idl

@EthSecurity1
👍4🔥41
All four signatures were off-chain signatures, but the Safe
backend exposes them to anyone, as opposed to only other signers. This is a design decision: you don't have to auth the owners, but it comes with a tradeoff. link

HINT: use localsafe.eth

@EthSecurity1
🙉81👍1🔥1
Revela Move decompiler - link

World's first CPU-level ransomware can "bypass every freaking traditional technology" -
link

Bitcoin stealer malware found in official printer drivers already stole more than 9 BTC -
link

Bountyhunt3rz YouTube interviews the top bug bounty hunters in crypto -
link

@EthSecurity1
🔥51
Fusaka is loading...
10🦄4👍3🔥3👏1
USPD protocol hacked for $1M
Root cause: front-running initialization
@Ethsecurity1
🤔2
This guy found a bug that double counts Polymarket volume
@EthSecurity1
🔥17
We passed 5000 subscribers
Thanks!
@EthSecurity1
🍾85🦄3🔥2